> Open/closed source software and secure/unsecure software are orthogonal concepts
No, they are not. It's fundamentally impossible to secure proprietary software because you have to trust its provider that the software does what it says it does, whereas with open-source you can always check for yourself. Any backdoor in open-source software is there to be exposed and corrected.
With proprietary software only one party can disclose vulnerabilities and in open-source anyone with the knowledge can do it. You can choose to trust a single party or choose to trust a myriad of different parties any one of which can blow the whistle if they find something fishy.
I find it highly unlikely a backdoor to a popular open-source application could remain there for long. I don't think it's unlikely at all with proprietary software where there is no incentive to fix a problem until someone outside the company learns about it.
It is not impossible. There is no reason why closed source software cannot be secure. Yes, you cannot convince yourself in the same way you can with open source software, but again, secure software and the ability to convince yourself that software is secure are different things.
You get no proof for open source software either unless you perform a formal verification. And even then your proof may be wrong.
But maybe we can agree on the following. Closed source software can be secure, but there is a broad spectrum of needs for convincing someone that software is secure, and this need may be better served with open source software in some circumstances. For some it is sufficient to trust a vendor. Some want to audit the source code (and this does not exclude closed source software). Some even need formal verification, maybe even of the underlying hardware.
You're trying to apply an impossible standard to closed source software that software that was developed from the start to be open source and developed in the open cannot meet.